01 Legal

Privacy Policy

How ROARK GmbH processes personal data under the GDPR.

I — The Controller

Who is responsible for data processing

The controller within the meaning of Article 4(7) GDPR is: ROARK GmbH, Bossigasse 24/8, 1130 Vienna, Austria.

You can contact us at kontakt@roark.at. Further company details are available in the Imprint.

Personal data means any information relating to an identified or identifiable natural person (for example IP address, email address, or communication content).

II — Collection

Data processing on this website

1. Access data and server logs

When you visit this website, technical access data is processed to deliver the site and ensure security and stability. This can include:

  • Your IP address
  • Date and time of request
  • Requested URL/path
  • Referrer URL
  • Browser and operating system (user agent)

Purpose: technical operation, IT security, abuse prevention.
Legal basis: Article 6(1)(f) GDPR (legitimate interests).
Retention: for as long as necessary for security and troubleshooting, generally short-term, and longer only where needed to investigate specific incidents.

2. Cookies

We do not use analytics or marketing cookies on this website. Only technically necessary storage/cookies may be used by the platform to provide core functionality.

3. Communication by email

If you contact us by email, we process your email address, message content, and related metadata to handle your request.
Purpose: communication and handling inquiries.
Legal basis: Article 6(1)(b) GDPR (pre-contractual or contractual communication) and Article 6(1)(f) GDPR (general communication).
Retention: until the request is completed and thereafter only as long as legal retention duties apply.

4. Processors and recipients

We use carefully selected service providers (processors) under data processing agreements (Article 28 GDPR), including:

  • Vercel: website hosting, infrastructure, CDN, and domain-related services
  • Convex: backend/database infrastructure
  • Migadu: email infrastructure

Data may be transferred to countries outside the EEA where required for these services. Such transfers are based on GDPR safeguards, in particular adequacy decisions and/or EU Standard Contractual Clauses (SCCs), supplemented where required.

III — Retention

Data retention period

We store personal data only for as long as needed for the stated purposes or where statutory retention duties apply. Where retention periods expire, the data is deleted or anonymized. If data is required for legal claims, processing is limited to that purpose.

IV — Legal Basis

Purpose and legal basis

We process personal data in accordance with the GDPR and Austrian data protection law (Datenschutzgesetz, DSG). Depending on the processing activity, the legal basis is Article 6(1)(a), (b), or (f) GDPR.

V — Disclosure

Disclosure of personal data

Personal data is disclosed only where necessary:

  • to processors that provide infrastructure or communication services on our behalf,
  • where required by law, official order, or to establish, exercise, or defend legal claims.

VI — Your Rights

Data protection rights

Under the GDPR, you have the following rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent at any time

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehoerde), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.

VII — Consent

Withdrawal of consent

Where processing is based on consent, you may withdraw your consent at any time with effect for the future.

VIII — Amendments

Amendments to this policy

We may update this policy to reflect legal, technical, or organizational changes. The current version published on this page applies.

Last updated: February 25, 2026.

IX — Additional Information

Mandatory data and automated decisions

Providing personal data is generally not legally required to visit this website. However, without certain technical data (for example IP address), the website cannot be delivered securely.

We do not use automated decision-making, including profiling, within the meaning of Article 22 GDPR for website visitors.